The Chief Executive Officer (CEO) of a corporation purchased the latest mobile device and wants to connect it to the company’s internal network. The Chief Information Security Officer (CISO) was told to research and recommend how to secure this device.
Which of the following recommendations should be implemented to keep the device from posing a security risk to the company?

A. A corporate policy to prevent sensitive information from residing on a mobile device and anti-virus software.
B. Encryption of the non-volatile memory and a corporate policy to prevent sensitive information from residing on a mobile device.
C. Encryption of the non-volatile memory and a password or PIN to access the device.
D. A password or PIN to access the device and a corporate policy to prevent sensitive information from residing on a mobile device.

Answer: C Question: 62

The Chief Executive Officer (CEO) of a corporation decided to move all email to a cloud computing environment. The Chief Information Security Officer (CISO) was told to research the risk involved in this environment.
Which of the following measures should be implemented to minimize the risk of hosting email in the cloud?

A. Remind users that all emails with sensitive information need be encrypted and physically inspect the cloud computing.
B. Ensure logins are over an encrypted channel and obtain an NDA and an SLA from the cloud provider.
C. Ensure logins are over an encrypted channel and remind users to encrypt all emails that contain sensitive information.
D. Obtain an NDA from the cloud provider and remind users that all emails with sensitive information need be encrypted.

Answer: B
Question: 63

The Chief Executive Officer (CEO) of a corporation purchased the latest mobile device and wants to connect it to the internal network. The Chief Information Security Officer (CISO) was told to research and recommend how to secure this device.
Which of the following should be implemented, keeping in mind that the CEO has stated that this access is required?

The Chief Executive Officer (CEO) of a corporation purchased the latest mobile device and connected it to the internal network. The CEO proceeded to download sensitive financial documents through their email. The device was then lost in transit to a conference. The CEO notified the company helpdesk about the lost device and another one was shipped out, after which the helpdesk ticket was closed stating the issue was resolved.
This data breach was not properly reported due to insufficient training surrounding which of the following processes?

An employee was terminated and promptly escorted to their exit interview, after which the employee left the building. It was later discovered that this employee had started a consulting business using screen shots of their work at the company which included live customer data. This information had been removed through the use of a USB device. After this incident, it was determined a process review must be conducted to ensure this issue does not recur.
Which of the following business areas should primarily be involved in this discussion? (Select TWO).